Justdial

In April 2019 an unprotected API endpoint on the Justdial local search engine platform exposed the personal details of approximately 100 million users. Security researchers discovered that multiple databases were accessible via publicly reachable URLs without any authentication. The exposed data included sensitive user profile information such as names, email addresses, mobile numbers, and residential addresses. Additionally, gender, dates of birth, and occupation details were accessible alongside search history logs. Investigations suggested that these security vulnerabilities had been present in the systems since mid-2015, leaving user data vulnerable for several years before the issue was addressed by the company.